CVE-2018-18903

moderate-risk
Published 2018-11-03

Vanilla 2.6.x before 2.6.4 allows remote code execution.

Do I need to act?

~
4.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 9f12b221c5287fef0a946a7d056ca414e1e0c8ca
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Vanilla

Affected Vendors

Vanillaforums

References (6)

Release Notes https://github.com/vanilla/vanilla/releases/tag/Vanilla_2.6.4
Release Notes https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4
Exploit https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-va...
Release Notes https://github.com/vanilla/vanilla/releases/tag/Vanilla_2.6.4
Release Notes https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4
Exploit https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-va...
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 5/34 · Minimal